Last updated May 25, 2021
Banuba Limited incorporated and registered in Hong Kong with company number 2360577 whose registered office is at Office A, 16/F Heng Shan Centre 145 Queen’s Road East, Wan Chai, Hong Kong together with companies in the same corporate group, is committed to protect Your privacy and provide positive experience when you use our video conferencing and communication Whoosh application (the “App”).
“Advertising ID” means Apple Identifier for Advertisers (“IDFA”) on Apple and Google Advertising Identity (“GAID”). These are unique identifiers for mobile devices that advertisers use for personalized advertising. They are consistent across all mobile applications and thus allow cross-app tracking. Advertising IDs are non-permanent, non-personal identifiers, which are uniquely associated with your device.
“Device identifier” means device type, device model, device maker, device operating system and its language or other technical data like screen size or processor, or combination of this data available from a device for a developer for checking the device compatibility with a particular application.
“IP address” or “Internet Protocol Address” mean addresses assigned to computers connected to the Internet. Those addresses can be “dynamic” which means they change each time the computer connects to the Internet, or they can be “static” which means that they are fixed. When a computer requests a web page or other content on the Internet, it sends its IP address to the computer hosting that content asking the server to return the content to its IP address. Without the address, the server would not know where to send the content.
2. Information collected
To make our Apps work well for You within the process of video communication, We offer tools that apply filters and video effects fitting the contours of Your face, modifying the size and shape of facial features and following facial movements. Enabling these services, We have to distinguish patterns of shape and form that compose a digital image of a still or moving face.
We will ask for Your separate permissions to enable Your camera. If You change Your mind, You will be able to revoke the given permission any time afterward by changing settings on Your Device or by e-mailing your request to firstname.lastname@example.org. However, please note that rejecting or switching off this permission might negatively affect the use of our Apps or even affect its full functionality.
We use TrueDepth API technologies (ARKit, with automatic estimation of the real-world directional lighting environment) to create AR effects within the App. The only use of this information is to provide valuable user features. None of the information collected by the TrueDepth API ever leaves the user’s device. We do not share information with third parties, do not store or process in any other way the data which we accessed and used via TrueDepth API. For more information about TrueDepth API technologies, you may visit https://support.apple.com/en-us/HT208108.
2.1 Information We Collect
2.1.1 Within the App functioning we automatically collect from You and/or Your device the following information:
|Personal Data||How We Get It||Type of processing||Legal Basis [Applies only in the EEA, and only within the meaning of the EU’s General Data Protection Regulation (GDPR)]|
|IP address||Automatically through use of the App||
|Account User Data Information we collect when you register for the App Account:
||From Account registrant||
||Directly from You||Conduct anonymized, aggregated analytics to improve performance||
We pay special attention to Your data protection rights making sure that your data protection rights are not overridden by our legitimate interests.
These legitimate interests are: (a) to ensure effective administration and management of Your relationship with us; (b) to understand how You use our Services and how we can improve the customers usage experience; (c) understand and respond to Your feedback; (d) to prevent, detect, or investigate unauthorised use of our Services; (e) ensure we comply with law and our policies; (f) anti-fraud reasons; and (g) manage any disputes and accidents and take legal or other professional advice.
Contractual necessity covers information that is processed by us in order to provide You with service that you have requested – and that we have agreed – to provide to You.
Some information is collected through cookies or by third party providers as explained further. We shall not associate collected IP address or device ID with other information about You, as e-mail, address, or other identifying data specified hereinabove.
2.1.2 As the App functionality is based on face and voice detection, in order to use our App You need to enable Your camera and micro. However, all images and voice records taken by Your device camera or micro shall be processed solely on your device and shall not be sent to our servers, i.e. we do not have access to such images or voice records (we will not collect, share or store them).
2.1.3 The App face detection algorithms used within the processing of Your images are not able to identify a specific person and, therefore, generally cannot be considered as collecting biometric information. However, in case the applicable law stipulates that images captured by the camera or face geometry generated by the App are considered as biometric identifiers, biometric information or similar legal category, hereby you express Your informed written consent on their processing as described in this Policy.
2.1.4 When using our Apps we do not collect information, which identifies or allows to identify You directly (i.e. with no additional information about You), unless you voluntarily provide us with such data (in particular, when communicating with our support team, leaving feedback re your experience with the Apps) or when certain parts of our Services ask you to provide personal information voluntarily (e.g. we process your email when you submit inquiries via Banuba website or the App).
If you leave Your email we may send you our updates (marketing communications) unless you opt-out receiving these messages from us by clicking “UNSUBSCRIBE” inside the message.
2.1.5 In case we start collecting other categories of Your personal data, we shall first explain why we collect it and ask for your express consent for such collection and further processing.
2.2 Information Collected by Third-Party Providers
2.2.1 For the purposes of attribution and tracking the performance of our advertising campaigns and applications, including their effectiveness, usage, installations and downloads, we engage advertising and analytics third party providers (hereinafter – Providers), currently the following Providers are being engaged:
|Provider||Provider’s Data Policy|
|AWS (Amazon Web Services)||https://aws.amazon.com/privacy/|
2.2.2 The Providers may collect the following personal information about users of the Devices: IP address, advertising IDs assigned by our Providers, browsing behavior and location data Such information shall be collected directly by Providers and subsequently shall be shared with us. The Providers may combine such information with other personal information they have in their procession and may use it for targeted advertising, i.e. for showing the most relevant ads to You across the Internet network.
2.2.3 Personal data mentioned in Clause 2.2.2 shall be collected based on our legitimate interest. We will comply with a case-by-case test to ensure eligibility of our legitimate interests, including necessity assessment and balancing tests.
2.2.4 If you do not wish Your data to be processed for receiving a personalized advertising and analytical purposes you may opt-out as described in Clause 3.5 or if applicable simply turning off the switcher in the Settings menu in the App or you may send your request via email@example.com. We will erase your personal data and request our providers to do the same within 30 days upon your request.
2.2.5 Besides statistics data collected by the Providers, the data on how you are using the App will be accessible for us. These data will not be personalized or linked to the device You are using. These data are needed to enable proper operation of the App, in particular, to identify and fix the problems you are facing when using the App.
2.2.6 To enable operation of the App a specific identifier to the statistics and usage data may be generated by some Providers. This identifier is specific for each App (i.e. it is not the same across multiple applications, like advertising ID). This identifier permits us solely to identify that events of using the App belong to the same user, however, does not let it be possible to identify that user.
2.2.7 Other data about Your Devices that do not permit direct association with You or other individuals, such as the operating system, settings, language, wireless network, mobile network information, software, and hardware attributes may be also collected by our Providers.
2.2.8 Personally identifiable information about your online activities over time and across third-party websites or online services, is collected by our Providers which may share it with us. Our Providers generally do not respond to Do Not Track (DNT) signals or other mechanisms that provide You with the ability to exercise choice regarding the collection of such information. Nevertheless, if you want us not to use, or to stop using, such Providers in relation to You, please do not give, or withdraw, Your consent.
2.3.1 We also use various third-party cookies to help us improve our website. Cookies are filed with a small amount of data, which are placed on Your computer by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies are stored on your computer’s hard drive.
2.3.2 You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some options of our Service (more details are set out in our Terms and Conditions).
3. Purposes of processing
(a) delivering the Services to you (including, maintaining and monitoring the proper operation of Banuba App, fixing any problems in its operation, making our website more secure, to administer it, including troubleshooting, dealing with your enquiries, complaints and requests);
(b) ensuring and protecting the safety and security of the App, protecting our Intellectual Property Rights and other rights;
(c) conducting statistical and analytical surveys and researches, in particular for improving the Services and your user experience.
3.1.1 Personal data mentioned in Clause 2.2.2 shall be processed by Our Providers for the purposes of:
(a) attribution and tracking the performance of Our advertising campaigns and applications, including their effectiveness, usage, installations and downloads
(b) targeted advertising, i.e. for showing the most relevant ads to users of the Devices across the Internet network.
3.2 In case you voluntarily provide us with any additional personal data, we shall process these data solely for the purposes for which they were provided to us and for no longer they are needed to fulfill such purposes.
3.4 Information collected under Clause 2.2.2. will be used for automated decision making, as our Providers perform their advertising and analytics services based on automated analysis of your browsing behavior. As a consequence of automated decision making:
(a) You will receive advertisements throughout the Internet which the system considers the most relevant to You, and
(b) We shall set certain preferences within your usage of Banuba App (apply different prices, provide different filters, etc.).
3.5 You can always limit collection of Your data used for targeting by managing Your mobile devices:
On Your iPhone, iPad, or iPod touch:
- Go to Settings > Privacy > Advertising.
- Turn on Limit Ad Tracking.
On Your Android:
- Open your device’s Settings app > Google, or open the Google Settings app (differs depending on your device).
- Under “Services,” select Ads.
- Turn on “Opt out of Ads Personalization” by moving the switch to the right until it turns blue. Note: If you clear Your cache, you’ll lose your opt-out setting.
Once you’ve turned off personalization, Google will no longer use your info to personalize your ads. Ads can still be targeted with info like your general location or the content of the website You’re visiting.
4. Sharing of data
4.1 We cannot provide all Services by ourselves. We must, therefore, share collected information with third parties for the purposes as described in section 3 of this Policy. We also reserve the right to disclose Your information (including personally identifiable information) when we are legally required to do so, to disclose your information in an anonymous and aggregated manner, meaning You could not be personally identified from it.
Your information may become available for the following categories of recipients:
(a) the companies being in the same corporate group with us;
(b) data storage, networking and security providers;
(c) advertising and analytics third party providers;
(d) providers assisting us with a client support;
(e) any other providers assisting us with delivering and improving the Services.
4.2 We may also share Your data when it is required by law and/or any regulatory authority. In such circumstances, we will expressly inform the recipient of the confidential nature of the data shared.
4.3 Our third-party providers with whom we share Your data or which directly collect such data via integration with the App may be located in non-EEA countries, where data protection and privacy regulations may be different from Your home country and offer even lower level of protection. You acknowledge such transfer and processing of Your data out of EEA to the countries where data protection and privacy regulations may be different from Your home country and offer even lower level of protection. To safeguard Your interests when transferring Your personal data out of EEA, we will conclude with all out-of-EEA recipients standard data protection clauses adopted by the European Commission or our supervisory authority.
4.4 All third parties with which We share Your data only get the minimum amount of data that are reasonably required in order for them to provide their service to us and therefore to You. The use of the shared information by such third parties is strictly limited to the purposes of processing outlined in Section 4 and is not permitted for any other purpose. All third parties with which we share Your data are required to protect such data in accordance with all relevant laws and regulations and in a manner similar to the way we protect the same.
4.5 We will not share Your data with third parties which are considered as not being able to provide its clients and potential clients with the required level of protection.
5. Your rights
5.1 We respect the privacy rights of our users, and to the extent required by applicable law, will make reasonable commercial efforts to allow You to access, correct, object to the processing of, delete or port any of Your personal data, provided that we are able to properly verify Your identity and link it to any personal data in our possession. With respect to Your personal data we process (if any) You have the right:
(a) to obtain from us the information regarding our processing of Your personal data;
(b) to obtain from us without undue delay the rectification of inaccurate personal data concerning You;
(c) to obtain from us the erasure of Your personal data (Your ‘right to be forgotten’);
(d) to restrict our processing of Your personal data, when it is permitted under applicable law;
(e) to object processing Your personal data where we are processing Your personal data: based on our legitimate interests (as set out above). If you ask us to stop processing Your personal data on this bases, we will stop processing Your personal data unless we can demonstrate compelling grounds as to why the processing should continue in accordance with data protection laws; and for direct marketing purposes. If You ask us to stop processing Your personal data on these bases, we will stop;
(f) to obtain from us Your personal data in a structured, commonly used and machine-readable format and to transmit those data to another controller without any obstacle on our side;
(g) to withdraw your consent, where we are relying on consent to process your personal data;
(h) to lodge a complaint against us with a supervisory authority for GDPR purposes.
Please contact us via firstname.lastname@example.org to execute any of the rights as stated above.
6. Protecting children’s privacy
6.1 We do not knowingly collect or process personal data from or with respect to children under the age of 16, and you must be 16 years of age or older in order to use the App.
6.2 If you are a parent or legal guardian and believe that Your child under the age of 16 has submitted his or her personal data or other data without Your consent, permission, or authorization – please let us know immediately, and we will promptly act to remove Your child’s data from our database, cease the use of such data and inform any other party we suspect to have access to such data to do the same.
7. Period of processing
7.1 Personal data specified in Section 2 are retained for as long as we need to deliver services to You unless we have a basis to further process your data as described hereinabove.
7.2 Information provided via TrueDepth APItechnologies is stored on the device only for the duration of creating AR effects within the App. When the effect is rendered, the data is discarded.
7.3 If you request erasure of Your data or You deleted our Apps from your device or You unsubscribed from our marketing communications we erase your data from our servers and request our providers to do the same within 30 days upon your request. With respect to non-personal data We are not limited by any particular retention period.
9. Questions and complaints
For California Residents
Beginning January 1, 2020, if you are a resident of California, you will have additional rights under the California Consumer Privacy Act (the “CCPA”) with respect to Your Personal Data, as outlined below.
- Erasure. You may request that we delete the Personal Data that we have collected from you. We will also direct all our service providers to do the same. However, we may not be required to delete your Personal Data under certain circumstances indicated below. Please note that we have the right not to delete your Personal Data upon your request if it is necessary for us to maintain this information in order to
(1) Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by the consumer, or reasonably anticipated within the context of a business’ ongoing business relationship with the consumer, or otherwise perform a contract between the business and the consumer.
(2) Detecting security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
(3) Debug to identify and repair errors that impair existing intended functionality.
(4) Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
(5) Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
(6) Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent.
(7) To enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business.
(8) Comply with a legal obligation.
(9) Otherwise use the consumer’s personal information, internally, in a lawful manner that is compatible with the context in which the consumer provided the information.
If you request that we delete your Personal Data, you may no longer be able to use the Services.
- Access. You may, not more than twice in a twelve-month period, request more information about the Personal Data we hold about you and request a copy of such Personal Data.
- Disclosure. In any time, but not more than twice in a 12-months period, You are allowed to send a verifiable request to disclose the following:
(1) The categories of personal information we have collected about You.
(2) The categories of sources from which the personal information is collected.
(3) The business or commercial purpose for collecting or selling personal information.
(4) The categories of third parties with whom we share Your personal information.
(5) The specific pieces of personal information we have collected about You.
(6) The categories of personal information that we disclosed about You for a business purpose or the fact that we did not disclose it.
(7) The category or categories of Your personal information we have sold, or the fact that we have not sold your personal information.
For this purpose, we will identify by categories Your personal information that we disclosed for a business purpose in the preceding 12 months, and will provide the categories of third parties to whom Your personal information was disclosed for a business purpose in the preceding 12 months. In case we did not disclose Your personal information in the preceding 12 months, we will inform You about it.
Not later than 45 days after we receive your request, we will deliver this information by mail or electronically in a portable and, to the extent technically feasible, in a readily useable format that allows You to transmit this information to another entity without hindrance. The time period for the response mentioned above may be extended for up to 90 additional days where necessary due to the complexity and number of requests. If your request is manifestly unfounded or excessive (in particular because of repetitive character), we may either charge a reasonable fee or refuse to act on the request. In this case, you will be additionally notified.
Please note that we shall keep only the information collected about you during the last 12 months.
Previously collected information may be deleted.
- Communication. For the purposes to execute your rights under these Sections please address Your verifiable requests at our email: email@example.com.
Before we satisfy your request, we may ask you to verify your personality in order to avoid any abuse of rights and to associate the information provided by you in the request with the information previously collected about you
Verifiable request means the request containing your name and Advertising ID. We need your ID since we do not store the information allowing us to identify You. After we receive your ID, we will be able to identify You within our environment and satisfy your request. This information will be used strictly for the purpose of satisfying your request
In case You do not know your Advertising ID, see the instruction below.
Instruction. How to determine your Advertising ID:
iOS: At present, the advertising ID on iOS devices is hidden from users by default but can be retrieved with third-party apps. In order to find your Apple IDFA, a third-party tool is required. There is a wide selection of apps in the App Store. We suggest using this app (https://itunes.apple.com/us/app/myidfa/id1099872451?mt=8) For Android To find your Android Advertising Identifier, open the Google Settings app on your Android device and click on “Ads.” Your Advertising Identifier will be listed at the bottom of the screen.
Please note that we do not have a toll-free number for your requests. We are allowed not to have it under Section 1798.130.(a)(1)(A) of California Civil Code.
- Non-discrimination. The execution of any of your rights under this Section will not affect the scale and quality of services we are providing to You. We shall not discriminate you upon this condition by any means including, but not limited to, by:
(1) Denying goods or services to you.
(2) Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties.
(3) Providing a different level or quality of goods or services to you.
(4) Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
- Violation. In case You believe that your rights under CCPA have been violated, please send us the written notice identifying the specific provisions of the CCPA allegedly violated. If we fail to cure the violation during the period of 30 days after the notice was received, You can file the case before the court.
- Updating. This Section shall be updated not less than once upon 12 months.